 mysec Premium join:2005-11-29
reply to daveinpoway
From time to time the focus in the media on security shifts to the browser. For the general reader seeking information on security, the effect of these articles can be a bit overwhelming because of the maze of statistics displayed, as exemplified in the first article.
But, there may be even more, he learns:
The entire report is a valuable read on the state of browser security but, as Brian Krebs points out, the conclusions should be considered conservative since it does not include information on vulnerable plugins (think Flash Player, Adobe Reader, Java, QuickTime, etc).
In the second article,
"Even under the best update circumstances, it still takes three days to get to an 80-percent patch level," Frei said. "Now imagine that across all the plug-ins ... and you have a problem."
First, he's told he needs a secure browser. Now he learns that there will be periods of time when the browser will be vulnerable, and all sorts of dire consequences from "browsing unsecured" may take place.
Now what does he think?
A starting point mentioned by Brian Krebs in an article linked from the blogs.zdnet.com blog is:
The Importance of the Limited User, Revisited »blog.washingtonpost.com/security···ted.html
If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use.
...the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails. (my emphasis)
Looking at some of the analyses of attacks mentioned in the above articles:
Legitimate sites serving up stealthy attacks »www.securityfocus.com/news/11501
The actual malicious code served to visitors by the sites compromised by the Random JS Toolkit attempts to exploit computers using 13 different vulnerabilities, the company said. The Trojan horse program steals the victim's login credentials to access online banks.
A Trojan horse program is a malicious executable that becomes installed on the victim's computer as a result of this attack.
New Variant of Crimeware Toolkit Infecting More Than 10,000 US Websites in December »www.finjan.com/Pressrelease.aspx···19&lan=3
The attack, which Finjan has designated "random js toolkit," is an extremely elusive crimeware Trojan that infects an end user's machine and sends data from the machine via the Internet to the Trojan's "master", a cybercriminal.
Experts warn over SQL injection attacks »www.securityfocus.com/brief/729
"The exploits target Microsoft applications, specifically browsers not patched against the VML exploit MS07-004 as well as other applications," security firm Websense stated in a research note last week. "Ominously files named McAfee.htm and Yahoo.php are also called by 1.htm but are no longer active at the time of writing."
The named files are malware executables that become installed on the victim's computer as a result of this attack.
Thousands of More Hacked Websites »www.shadowserver.org/wiki/pmwiki···20080424
Successful exploit attempts coming from nihaorr1.com will result in the download of test.exe from the website. This is another password stealer like the one we found last time.
Mr. Krebs uses Limited User Account (LUA) as an example of protection. Those for whom this is not an option, or who wish something different, can choose from numerous other solutions which provide the same protection, so that (quoting Krebs again)
when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.
This is not to disregard Browser Security. It just resets the priorities in the user's thinking. The user can browse the internet confidently, staying alert as to browser patches/updates, knowing that he is protected by other means.
The Browser should not be thought of as the last line of defense. This point is rarely mentioned, but one that I emphasize with people I'm in contact with.
  AB Premium join:2006-04-04 Leesburg, VA
said by mysec:
. . A starting point mentioned by Brian Krebs in an article linked from the blogs.zdnet.com blog is:
The Importance of the Limited User, Revisited »blog.washingtonpost.com/security···ted.html
If you use a computer powered by Microsoft Windows to surf the Web, check your e-mail and so forth, the single most important step you can take to protect your machine from viruses, worms and hackers is to use a "limited user" account for everyday computer use.
...the limited-user account does not have the right to install programs or change system settings. As a result, when malicious Web sites try to use security weaknesses in the operating system or your Web browser to conduct "drive-by" spyware and malware installs, for example, that installation process fails.
Amen, Brother. Let me be a Witness.